The Tiki Community proudly announces maintenance and security updates to all of the major branches of Tiki Wiki CMS Groupware:
- Tiki 11.1
- Tiki 10.4 (This is the final release of the 10.x branch)
- Tiki 9.7LTS
- Tiki 6.13LTS
These releases include several security fixes, including one critical one, and several bug fixes (and minor enhancements in 10.4 and 11.1). It is very important for sites to be upgraded to the latest versions.
Please refer to the documentation for each release ( https://doc.tiki.org/tiki11 , https://doc.tiki.org/tiki10 , https://doc.tiki.org/tiki9 , and https://doc.tiki.org/tiki6 , respectively) for complete details.
Note that the release of Tiki 11.1 marks the closure of the Tiki 10.x branch — no new releases on the 10.x branch are planned.
Minimal release patches for 5, 7 and 8 will soon be also available to make updating easier, although updating to a supported LTS branch at least is strongly recommended.
Which Version is Right for Me?
The Tiki Version Lifecycle page ( http://info.tiki.org/Version+Lifecycle ) will help you choose the right version to install. To download Tiki, visit: http://tiki.org/download .
These releases include the following security patches:
- An XSS vulnerability discovered by Yuji Tounai ( http://bogus.jp ) as reported to Tiki by JPCERT Coordination Center (JPCERT/CC) (JVN#81813850 / TN: JPCERT#94723715).
- An SQLI vulnerability discovered by Yuji Tounai ( http://bogus.jp ) as reported to Tiki by JPCERT Coordination Center (JPCERT/CC) (JVN#75720314 / TN: JPCERT#91009009).
- An XSS vulnerability discovered by Nikhil Kumar Srivastava from Techdefence Labs and Jinen Patel; subsequently coordinated with CERT Coordination Center (firstname.lastname@example.org) (CERT VU#450646).